Frisk
Hello,
I hope somebody can help me.
I have a Win 2000 domain, and last week I experimented with the
restricted groups policy on the domain.
Basically I thought it was a good idea to allow my tech support staff
to be able to log onto any of our workstations (200+) with local
administrator privileges. I created a restricted group for
administrators and made the "tech" security group a member.
What I didn't realise is that restrictive groups work exclusively,
removing local administrator privileges from all other accounts.
In order to fix this problem and with a little help from Florian
(thanks) I removed the restrictive group and created a new restrictive
group for administrators and made domain/administrator and
domain/domain admins members.
This appeared to work when I logged onto workstations; however, not
everything has been properly restored.
I'm getting a few errors. Things like Veritas won't work. Veritas gives
me a "This service account does not have the necessary user right "Log
on as a service."" error even though the service account it uses is
administrator.
I'm also getting a "Security policies are propagated with warning.
0x534 : No mapping between account names and security IDs was done."
error which, when I run some tests, points to "Power Users" on the group
domain policy.
What's the easiest way to restore the administrator account to its
default domain privileges, the same privileges it has over a domain
when installed? I really don't want to have to reinstall the PDC and
DCs again...
I would really appreciate any help.
Thanks